Post Like Manager Security & Risk Analysis

wordpress.org/plugins/pl-manager

A smooth ajax-based like/dislike functionality for WordPress posts, pages, custom post types.

10 active installs · v1.0 · PHP + · WP 4.0+ · Updated Oct 17, 2016
Tags: most-liked-posts, recently-liked-posts, thumbs-down, thumbs-up, wordpress-like-post
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Post Like Manager Safe to Use in 2026?

Generally Safe

Score 85/100

Post Like Manager has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 9yr ago
Risk Assessment

The "pl-manager" plugin v1.0 exhibits a mixed security posture. On the positive side, it has a clean vulnerability history with no known CVEs and avoids dangerous functions, file operations, and external HTTP requests. The vast majority of its SQL queries use prepared statements, which is a strong defense against SQL injection.

However, the static analysis reveals significant areas of concern, particularly in its attack surface. Four of its six AJAX handlers lack authentication checks, creating potential entry points for unauthorized actions. Only a single nonce check is present across the entire plugin, leaving most AJAX requests without protection against cross-site request forgery (CSRF) and replayed requests. Only 5% of output is properly escaped, which potentially exposes the site to cross-site scripting (XSS), especially in combination with the unprotected AJAX handlers. The absence of capability checks exacerbates these risks, as even unauthenticated users might be able to trigger sensitive functionality.

Key Concerns

  • Unprotected AJAX handlers
  • Low output escaping rate
  • Insufficient nonce checks
  • No capability checks
Vulnerabilities
None known

Post Like Manager Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Post Like Manager Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (21 prepared)
Unescaped Output: 20 (1 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

95% prepared · 22 total queries

Output Escaping

5% escaped · 21 total outputs
Data Flows
All sanitized

Data Flow Analysis

3 flows
plm_process_vote_func (ajax.php:17)
Attack Surface
4 unprotected

Post Like Manager Attack Surface

Entry Points: 7
Unprotected: 4

AJAX Handlers 6

  • auth · wp_ajax_plm_process_vote_count · ajax.php:5
  • nopriv · wp_ajax_plm_process_vote_count · ajax.php:6
  • auth · wp_ajax_plm_delete_liked_post · ajax.php:8
  • nopriv · wp_ajax_plm_delete_liked_post · ajax.php:9
  • auth · wp_ajax_plm_restore_defaults · ajax.php:11
  • nopriv · wp_ajax_plm_restore_defaults · ajax.php:12

Shortcodes 1

[mm-plm] user.php:36
WordPress Hooks 10
  • action · admin_menu · admin.php:20
  • action · admin_init · admin.php:21
  • action · admin_enqueue_scripts · admin.php:22
  • action · init · pl-manager.php:72
  • filter · plugin_action_links · pl-manager.php:73
  • action · wp_head · user.php:22
  • filter · the_content · user.php:26
  • filter · get_the_excerpt · user.php:27
  • filter · the_excerpt · user.php:29
  • action · wp_enqueue_scripts · user.php:33
Maintenance & Trust

Post Like Manager Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.6.30
Last updated: Oct 17, 2016
PHP min version
Downloads: 2K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 10
Developer Profile

Post Like Manager Developer Profile

manidipmandal

2 plugins · 20 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Post Like Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/pl-manager/css/style.css
  • /wp-content/plugins/pl-manager/css/admin.css
  • /wp-content/plugins/pl-manager/js/admin.js
Script Paths
  • /wp-content/plugins/pl-manager/js/admin.js
Version Parameters
  • pl-manager/style.css?ver=
  • pl-manager/admin.css?ver=
  • pl-manager/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • plm-wrap, plm-header, plm-body, plm-left-content, plm-tabs, resp-tabs-list, resp-tabs-container, plm-form-sections (+2 more)
HTML Comments
  • <!-- Simple Post Like Management System -->
  • <!-- Load Plugin Text Domain -->
  • <!-- Add Setting Link In Plugin -->
  • <!-- Fires on plugin activation -->
  • (+6 more)
Data Attributes
  • data-tab="1"
  • data-tab="2"
JS Globals
  • MMPLM_PLUGIN_URL
  • MMPLM_PLUGIN_NAME
  • MMPLM_PLUGIN_VERSION
  • MMPLM_AJAX_URL